May 3, 2022

Fortify Security Team

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks
Date Published: May 3, 2022

https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/

Excerpt: “Security researchers have discovered five vulnerabilities in network equipment from Aruba (owned by HP) and Avaya (owned by Extreme Networks), that could allow malicious actors to execute code remotely on the devices. The damage caused by a successful attack ranges from data breach and complete device takeover to lateral movement and overriding network segmentation defenses.”

Title: China-linked Moshen Dragon Abuses Security Software to Sideload Malware
Date Published: May 3, 2022

https://securityaffairs.co/wordpress/130851/apt/moshen-dragon-targets-telcos.html

Excerpt: “A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups. Experts observed overlap between the TTPs of the Moshen Dragon group with the ones of the Chinese Nomad Panda (aka RedFoxtrot).”

Title: Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’
Date Published: May 3, 2022

https://threatpost.com/mozilla-security-health-apps-creepy/179463/

Excerpt: “While they have good intentions to foster mental health and spiritual wellness, the majority of mental-health and prayer apps can harm their users in other ways by exposing personal and intimate data due to a severe lack of security and privacy protections, researchers from Mozilla have found. Of 32 mental-health and prayer mobile apps investigated by the open-source organization, 28 were found to be inherently insecure and slapped with a “Privacy Not Included” label, according to a report of the same name published online this week. Moreover, 25 apps failed to meet Mozilla’s Minimum Security Standards, such as requiring strong passwords and managing security updates and vulnerabilities, researchers said.”

Title: CMS-Based Sites Under Attack: The Latest Threats and Trends
Date Published: May 3, 2022

https://www.helpnetsecurity.com/2022/05/03/cms-threats-trends/

Excerpt: “Payment card skimmers are becoming more common in exploit kits affecting WordPress websites and attackers are spending more time customizing them to avoid detection, Sucuri’s latest research report has revealed. “Unlike most compromises we see, skimming attacks are more often targeted rather than opportunistic,” the company added, and said that they expect skimmers to play an even larger role in website infections in 2022.”

Title: Russia to Rent Tech-Savvy Prisoners to Corporate IT?
Date Published: May 2, 2022

https://krebsonsecurity.com/2022/05/russia-to-rent-tech-savvy-prisoners-to-corporate-it/

Excerpt: “Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies. Multiple Russian news outlets published stories on April 27 saying the Russian Federal Penitentiary Service had announced a plan to recruit IT specialists from Russian prisons to work remotely for domestic commercial companies.”

Title: AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection
Date Published: May 2, 2022

https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html

Excerpt: “Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. “This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (aswArPot.sys),” Trend Micro researchers, Christopher Ordonez and Alvin Nieto, said in a Monday analysis.”

Title: Audit Finds SSRF Vulnerability in VMware Workspace One UEM
Date Published: May 2, 2022

https://www.scmagazine.com/analysis/cloud-security/audit-finds-ssrf-vulnerability-in-vmware-workspace-one-uem

Excerpt: “In conducting audits on VMware Workspace One UEM, the popular mobile device management software, researchers last week reported they found a pre-authentication vulnerability that let them make arbitrary HTTP requests, including requests with any HTTP method and request body. In a blog post, Assetnote said that to exploit this server-side request forgery (SSRF), the researchers had to reverse engineer the encryption algorithm used by Workspace One UEM.”

Title: Google Offers $1.5M Bug Bounty for Android 13 Beta
Date Published: May 2, 2022

https://www.darkreading.com/vulnerabilities-threats/google-issues-1-5m-android-13-beta-bug-bounty

Excerpt: “Google has expanded its bug-bounty program to offer a whopping $1.5 million for a top-notch Android 13 Beta exploit – specifically, for a hack of the Titan M security chip that ships with Pixel phones. Android 13 Beta became available last week to developers and early adopters, with Google promising an outsized focus on privacy and security. It apparently aims to deliver in that department, if the bounty bump is any indication.”

Title: Unpatched DNS Bug Affects Millions of Routers and IoT Devices
Date Published: May 3, 2022

https://www.bleepingcomputer.com/news/security/unpatched-dns-bug-affects-millions-of-routers-and-iot-devices/

Excerpt: “A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk. A threat actor can use DNS poisoning or DNS spoofing to redirect the victim to a malicious website hosted at an IP address on a server controlled by the attacker instead of the legitimate location.”
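The excerpt describes the outcome (poisoned answers redirecting victims) but not the mechanism. The following is an added example, not code from the article or from the affected C library: a constructed toy stub resolver that, like most, accepts the first reply whose transaction ID and destination port match an outstanding query. It shows why poisoning is trivial when those two values are predictable and why randomizing both is the standard mitigation. The resolver model, the domain names and the IP addresses are all assumptions made up for the demonstration.

```python
"""Toy model of a DNS cache-poisoning race (constructed example).

The Resolver class is a deliberately simplified stand-in, not any real libc
code. It accepts the first reply whose transaction ID and port match a pending
query, which is exactly what a spoofed-reply attack needs to win.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Tuple

PORT_RANGE = (1024, 65535)   # ephemeral ports an unprivileged resolver may use


@dataclass(frozen=True)
class DnsReply:
    txid: int
    dst_port: int       # port the reply is aimed at (the resolver's query port)
    qname: str
    answer: str         # IPv4 address as text


@dataclass
class Resolver:
    randomize_txid: bool
    randomize_port: bool
    _next_txid: int = 0
    pending: Dict[str, Tuple[int, int]] = field(default_factory=dict)  # qname -> (txid, port)
    cache: Dict[str, str] = field(default_factory=dict)                # qname -> answer

    def send_query(self, qname: str) -> Tuple[int, int]:
        """Emit a query; returns (txid, port) as the upstream server would see them."""
        if self.randomize_txid:
            txid = secrets.randbelow(0x10000)
        else:
            txid = self._next_txid                  # predictable: sequential counter
            self._next_txid = (self._next_txid + 1) & 0xFFFF
        if self.randomize_port:
            port = PORT_RANGE[0] + secrets.randbelow(PORT_RANGE[1] - PORT_RANGE[0] + 1)
        else:
            port = PORT_RANGE[0]                    # predictable: fixed source port
        self.pending[qname] = (txid, port)
        return txid, port

    def receive(self, reply: DnsReply) -> bool:
        """Accept the reply if it matches an outstanding query; first match wins."""
        expected = self.pending.get(reply.qname)
        if expected is None or (reply.txid, reply.dst_port) != expected:
            return False                            # dropped as unsolicited
        self.cache[reply.qname] = reply.answer
        del self.pending[reply.qname]               # later (legitimate) replies are ignored
        return True


def guess_space(randomize_txid: bool, randomize_port: bool) -> int:
    """Number of (txid, port) pairs an attacker must cover blind."""
    txids = 0x10000 if randomize_txid else 1
    ports = (PORT_RANGE[1] - PORT_RANGE[0] + 1) if randomize_port else 1
    return txids * ports


def run_attack(randomize_txid: bool, randomize_port: bool, spoofed_replies: int) -> bool:
    """Simulate one poisoning attempt against a fresh resolver; True if poisoned.

    The attacker first lures the resolver into querying a domain the attacker is
    authoritative for, so the attacker observes one real (txid, port) pair, then
    races the legitimate server for the victim's next lookup.
    """
    r = Resolver(randomize_txid, randomize_port)
    observed_txid, observed_port = r.send_query("probe.attacker.example")   # assumed attacker domain
    r.receive(DnsReply(observed_txid, observed_port, "probe.attacker.example", "203.0.113.9"))

    target = "bank.example"                          # assumed victim lookup
    r.send_query(target)
    for _ in range(spoofed_replies):
        # Best guess: next sequential txid / same port when they are predictable,
        # otherwise a random pair drawn from the full space.
        txid = secrets.randbelow(0x10000) if randomize_txid else (observed_txid + 1) & 0xFFFF
        port = (PORT_RANGE[0] + secrets.randbelow(PORT_RANGE[1] - PORT_RANGE[0] + 1)
                if randomize_port else observed_port)
        if r.receive(DnsReply(txid, port, target, "198.51.100.66")):   # attacker-controlled IP
            break
    # The legitimate answer arrives after the spoof burst; it is only accepted
    # if the query is still pending, i.e. if no spoof matched first.
    real_txid, real_port = r.pending.get(target, (None, None))
    if real_txid is not None:
        r.receive(DnsReply(real_txid, real_port, target, "192.0.2.10"))
    return r.cache[target] == "198.51.100.66"


if __name__ == "__main__":
    print("predictable txid + fixed port, 1 spoof :", run_attack(False, False, 1))
    print("random txid + random port, 2000 spoofs:", run_attack(True, True, 2000))
    print("blind guess space with both randomized :", guess_space(True, True))
```

With a sequential transaction ID and a fixed source port a single spoofed packet wins the race; with both randomized the attacker has roughly 4.2 billion combinations to cover before the real answer lands, which is why resolver hardening checks (and any audit of an embedded libc or firmware resolver) should confirm both the ID and the ephemeral port are drawn from a cryptographically strong source.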

Title: Car Rental Company Sixt Hit by a Cyberattack that Caused Temporary Disruptions
Date Published: May 3, 2022

https://securityaffairs.co/wordpress/130820/security/sixt-suffered-cyber-attack.html

Excerpt: “The car rental company Sixt detected IT anomalies on April 29th, 2022 and immediately activated the incident response procedures. Later, the company confirmed that it was hit by a cyber-attack that was quickly contained, but that caused temporary business disruptions at customer care centers and selective branches.”
